Smartphones have been the target of countless hacking attempts although there has always been one part of the phone that remained foolproof – the SIM card. That unfortunately is no longer the case as a German cryptographer by the name of Karsten Nohl claims to have found encryption and software flaws that could potentially affect millions of users.
Nohl and his team have been working to find SIM card vulnerabilities for the past three years. What he ultimately found, a two-part flaw that is based on an old security standard and poorly configured code, could allow a hacker to infect a SIM card with a virus. Once compromised, the hacker could force a handset to send premium text messages, carry out payment system fraud or even record and redirect phone calls.
After testing nearly 1,000 SIM cards, Nohl concluded that there simply isn’t an obvious pattern to go by. As he noted, different shipments of SIM cards either do or do not have the bug. His research found that slightly less than a quarter of all the SIM cards he tested could be hacked. He further pointed out that when you factor in varying encryption methods used around the world, nearly half a billion mobile devices could be vulnerable.
The good news (for now, at least) is that he believes cyber criminals have not yet discovered the bug. Now that news of it is spreading, however, it’ll probably only take around six months or so before hackers are able to crack it. With any luck, the wireless industry will have taken note and issued a fix.
Nohl will be presenting his findings at the Black Hat security conference in Las Vegas at the end of the month.